Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.124 Safari/537.36
Accept: */*
Referer: http://------------/sample/login
Accept-Encoding: gzip, deflate, sdch
Accept-Language: ja
Cookie: PLAY_SESSION="bd1bfc46473526b3f08278eb47781d6b8efb6644-returnUrl=%2Fsample"; __pbcd_debug=1; _kz_debug=1
--134f6f42-F--
HTTP/1.1 403 Forbidden
Content-Length: 300
Connection: close
Content-Type: text/html; charset=iso-8859-1
--134f6f42-E--
--134f6f42-H--
Message: Access denied with code 403 (phase 2). Pattern match "(^[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98;]+|[\"'`\xc2\xb4\xe2\x80\x99\xe2\x80\x98;]+$)" at REQUEST_COOKIES:PLAY_SESSION. [file "/etc/httpd/modsecurity.d/activated_rules/modsecurity_crs_41_sql_injection_attacks.conf"] [line "64"] [id "981318"] [rev "2"] [msg "SQL Injection Attack: Common Injection Testing Detected"] [data "Matched Data: \x22 found within REQUEST_COOKIES:PLAY_SESSION: \x22bd1bfc46473526b3f08278eb47781d6b8efb6644-returnUrl=/sample\x22"] [severity "CRITICAL"] [ver "OWASP_CRS/2.2.8"] [maturity "9"] [accuracy "8"] [tag "OWASP_CRS/WEB_ATTACK/SQL_INJECTION"] [tag "WASCTC/WASC-19"] [tag "OWASP_TOP_10/A1"] [tag "OWASP_AppSensor/CIE1"] [tag "PCI/6.5.2"]
Action: Intercepted (phase 2)
Apache-Handler: proxy-server
Stopwatch: 1434470975682625 1231 (- - -)
Stopwatch2: 1434470975682625 1231; combined=554, p1=196, p2=331, p3=0, p4=0, p5=27, sr=34, sw=0, l=0, gc=0
Response-Body-Transformed: Dechunked
Server: Apache/2.2.29 (Amazon)
Engine-Mode: "ENABLED"
--134f6f42-Z--